This Article is From Dec 20, 2022

Patients' Data Given To Insurance Companies? What Centre Told Parliament

The health minister said that under the HDM policy, various limitations have been imposed on sharing of health data so as to ensure that the privacy and data protection principles are adhered to at all times.

Patients' Data Given To Insurance Companies? What Centre Told Parliament
New Delhi:

The Ayushman Bharat Digital Mission (ABDM) facilitates secure data exchange between intended stakeholders on its network after the patient's consent and no data is shared with any other entity, including insurance and pharma firms, without the individual's consent, the Rajya Sabha was told on Tuesday.

Responding to a question on whether patients' health data is shared with insurance and pharmaceutical companies under the Health Data Management (HDM)policy, Health Minister Mansukh Mandaviya said the HDM policy is a guidance document which sets out the minimum standards for privacy and data protection that should be followed by all the participants/stakeholders of the ABDM ecosystem. The policy was released on December 14, 2020, by the Ministry of Health.

 'Privacy by Design' is one of the key guiding principles of ABDM and implemented following the principles of federated digital architecture, Mandaviya said. 

"Therefore, there is no centralised repository of data. The ABDM facilitates secure data exchange between the intended stakeholders on ABDM network after the patient's consent. HDM policy specifies that no data shall be shared with any other entity including insurance and pharmaceutical companies without consent of the individual," he said.

The health minister further said that under the HDM policy, various limitations have been imposed on sharing of health data so as to ensure that the privacy and data protection principles are adhered to at all times during the course of sharing of such health data. 

A purpose-based limitation on sharing of data has been imposed on the Health Information Users. Also, the entity to which data is shared (Health Information User) would not further disclose the data without obtaining the consent of the data principal (the individual), he said. 

"The data shared would also not be stored beyond the period necessary for the purpose specified while obtaining the prior consent of the individual. In addition, principle of data minimisation will also have to be adhered to by the entity which has received the shared data," Mandaviya said.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

.